base-files: tune fragment queue thresholds for available system memory
authorMatthias Schiffer <mschiffer@universe-factory.net>
Mon, 5 Mar 2018 08:13:53 +0000 (09:13 +0100)
committerMatthias Schiffer <mschiffer@universe-factory.net>
Wed, 7 Mar 2018 18:13:41 +0000 (19:13 +0100)
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
package/base-files/Makefile
package/base-files/files/etc/init.d/sysctl

index 38d72fd..40963d5 100644 (file)
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/version.mk
 
 PKG_NAME:=base-files
-PKG_RELEASE:=173.4
+PKG_RELEASE:=173.5
 PKG_FLAGS:=nonshared
 
 PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
index 3a497fb..65e6aa9 100755 (executable)
@@ -3,22 +3,33 @@
 
 START=11
 
-set_vm_min_free() {
-       mem="$(grep MemTotal /proc/meminfo  | awk '{print $2}')"
+apply_defaults() {
+       local mem="$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
+       local min_free frag_low_thresh frag_high_thresh
+
        if [ "$mem" -gt 65536 ]; then # 128M
-               val=16384
+               min_free=16384
        elif [ "$mem" -gt 32768 ]; then # 64M
-               val=8192
-       elif [ "$mem" -gt 16384 ]; then # 32M
-               val=1024
+               min_free=8192
        else
-               return
+               min_free=1024
+               frag_low_thresh=393216
+               frag_high_thresh=524288
        fi
-       sysctl -qw vm.min_free_kbytes="$val"
+
+       sysctl -qw vm.min_free_kbytes="$min_free"
+
+       [ "$frag_low_thresh" ] && sysctl -qw \
+               net.ipv4.ipfrag_low_thresh="$frag_low_thresh" \
+               net.ipv4.ipfrag_high_thresh="$frag_high_thresh" \
+               net.ipv6.ip6frag_low_thresh="$frag_low_thresh" \
+               net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \
+               net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \
+               net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"
 }
 
 start() {
-       set_vm_min_free
+       apply_defaults
        for CONF in /etc/sysctl.conf /etc/sysctl.d/*.conf; do
                [ -f "$CONF" ] && sysctl -p "$CONF" -e >&-
        done